translation issue

Unanswered Question
May 1st, 2007
User Badges:
  • Bronze, 100 points or more

hello,


suppose there is one host who is accessing two different servers in the network.


when host A access to host B all we have to do is make sure that it gets to talk to it one to one thus i configure this


static (inside,outside) tcp 60.x.x.72 3392 20.172.216.4 3392 netmask 255.255.255.255

static (inside,outside) tcp 60.x.x.72 3394 20.172.216.4 3394 netmask 255.255.255.255


access-list acl_out_in permit tcp host 20.x.x.4 host 60.10.135.72 eq 3392

access-list acl_out_in permit tcp host 20.x.x.4 host 60.10.135.72 eq 3394


and host A can connect to host B with success no problem at all.


Now, when host A try to connect to host C we not only have to nat/translate the source IP of this host but also the like host B scenario that it should be one to one with it, so i configure the following


static (outside,inside) 20.x.x.4 16.172.5.7 netmask 255.255.255.255

static (inside,outside) 60.x.x.72 16.172.23.1 netmask 255.255.255.255


access-list acl_out_in permit tcp host 60.x.x.72 host 20.172.220.4 eq 6003


host A connects to host C successful and no problem.


the issue i have here is that when i see the netstat of host B it shows that the host A (remote host ip address is) 20.172.220.4 whereas it should be it orginal source ip address.


so is there a way it can be done or is it the firewall itself that it's not possible and it would be causing any problem in connection, cuz currently on random times the connection drops automaticaly btw host A and host B, so i assume it is because of this issue.


any help would be great

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
oabduo983 Wed, 05/02/2007 - 11:59
User Badges:
  • Bronze, 100 points or more

Hi,


Why do you need


static (outside,inside) 20.x.x.4 16.172.5.7 netmask 255.255.255.255


If you remove it and clear xlate, I believe you should be fine!


Regards,

zulqurnain Wed, 05/02/2007 - 22:40
User Badges:
  • Bronze, 100 points or more

hello,


i need it in such a way that when 16.172.5.7 access from the outside to inside particular server, the source ip address should get translated to 20.172.220.4, as the server inside is configured to only allow access from specific ip addresses from internal subnet and 20.172.220.4 is one of it.


anyways, i did this and it sort of worked but if there is any other way of doing it please do tell.


access-list NAT_ONE permit ip host 16.172.5.7 host 60.10.136.72


static (outside,inside) 20.172.220.4 access-list NAT_ONE

static (inside,outside) 60.10.136.72 16.172.23.1 netmask 255.255.255.255

static (inside,outside) 60.10.135.72 20.172.216.4 netmask 255.255.255.255


what it did was that when traffic coming from 16.172.5.7 to 60.10.136.72 is tranlated the source ip to 20.172.220.4 as it should


and when traffic coming from 16.172.5.7 to 60.10.135.72 it creats one-to-one map as per the static defined and doesn't tranlate the source ip.

zulqurnain Fri, 05/04/2007 - 12:29
User Badges:
  • Bronze, 100 points or more

hi everyone,


i need advise n help, please tell me say something

Actions

This Discussion